Sporadic Download Speeds?

[Askew3316]

Hi, hopefully this is right section of the forum to be posting to.

I started setting up OPNsense the other day and was able to get my LAN devices to see the internet, but nearly none of them are pulling full speed over ethernet or WiFi from my access point. I ran a speed test on a few devices, here are the results:

OPNsense:
   Wired:
      Download: 907.13 Mbps
      Upload: 40.84 Mbps

Fold 4:
   Wireless (Cellular Off):
      Download: 114 Mbps
      Upload: 37.8 Mbps
   Wired (Lenovo RTL8153-04 J6-4)
      Download: 399 Mbps
      Upload: 41 Mbps

Surface Book 2:
   Wireless:
      Download: 196.06 Mbps
      Upload: 41.68 Mbps
   Wired (Lenovo RTL8153-04 J6-4):
      Download: 135.97 Mbps
      Upload: 40.89 Mbps

Xbox Series S:
   Wireless:
      Download: 259.49 Mbps
      Upload: 41.08 Mbps
   Wired:
      Download: 366.37 Mbps
      Upload: 41.21 Mbps
      
Shield TV Pro 2019:
   Wired:
      Download: 75.81 Mbps
      Upload: 43.15 Mbps

Desktop PC:
   Wired:
      Download: 892.80 Mbps
      Upload: 41.80 Mbps

Earlier today, I had my Surface Book only getting 75 Mbps down on a few different test attempts.

As for my hardware, I'm running OPNsense in a VM through Proxmox, which has the internal ethernet port of the PC passed through as a PCI device. WAN comes in on VLAN100 through my Cisco switch, while LAN is set to VLAN200. I've also added the parent device as its own interface, enabled but with no IP set, but that doesn't seem to have made a difference despite what I've been reading.

Any suggestions on troubleshooting I can do to figure out what's going on?

[Sorjal]

I'm fairly new to all of this myself, but I would also try and check speeds between lan devices first to see if it's some misconfiguration or other issues on the lan side. With the hardware you listed perhaps Surface to and from desktop and see if the speeds match or are much higher than to something outside of your local network, though note that the slowest device will be the speed limiter. Another comparison to do would be disabling firewall functions, suricata, etc. to see if it's a rule, packet inspection, or something there. You can also bypass the entire firewall hardware if something else on your lan such as wireless router can act as the dhcp provider, etc. and bypassing the lan entirely such as by running wired say from your desktop to your cable modem or other device that provides your internet connection. Compare all these numbers for the same device and see where the biggest drop in speeds is and then you at least have a starting point to look into for the biggest potential improvement. Some slowdowns are just going to be present, say for packet inspection so then you have to weigh feature vs speed and determine what's most important for you. If it's say suricata, zenarmor, or similar you can try using exceptions, rules, whitelisting, etc. to try and mitigate speed decreases for specific traffic that you assume to be safe.  Someone with more professional experience and a better undestanding can help.

Lastly device information regarding the hardware opnsense is running may also be helpful. Perhaps there's a driver that needs a particular plug in (I believe there's a Realtek one) that may help as well.

[CJ]

Can you post a network diagram?  Include all of the details showing the VLANs, switches, etc.